Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2020-0342

Good to know:

icon
icon

Date: June 27, 2020

Regular Expression Denial of Service (ReDoS) vulnerability was found in is-my-json-valid before 2.20.2 via the style format.

Language: JS

Severity Score

Related Resources (2)

https://github.com/mafintosh/is-my-json-valid/commit/c3fc04fc455d40e9b29537f8e2c73a28ce106edb
https://www.mend.io/vulnerability-database/WS-2020-0342

Severity Score

Weakness Type (CWE)

Incorrect Regular Expression

CWE-185

Top Fix

icon

Upgrade Version

Upgrade to version dreamfactory/df-api-docs-ui - 1.1.0;limefamily/yii2-limetheme - 1.0.12;oxid-esales/wave-theme - dev-oxscript-google-analytics;humanmade/coding-standards - dev-dependabot/npm_and_yarn/json-schema-0.4.0;humanmade/coding-standards - v0.4.1;spiral/toolkit - v0.9.0;spiral/toolkit - v0.8.20;spiral/toolkit - v0.8.18;Npm3 - no_fix;Tinfoil - no_fix;z3/t3build-node - 1.0.11;svg2png - no_fix;node-sass-bundle - no_fix;node-sass-bundle - 1.0.2;MIDIator.WebClient - 1.0.105;pwptemplatepusintek - no_fix;jquery - 3.4.0;ilhanet/erpnet-widget-resource - no_fix;NodeBin - no_fix;computerundsound/curserver - 2.2.0;computerundsound/curserver - no_fix;Npm.js - no_fix;Yarnpkg.Yarn - 0.26.1;yuan1994/wechat_web_devtools - 0.15.152901-core;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.11;jsdom - 11.11.0;neon-sys - 0.1.11;Tools.Npm - no_fix;Yarn.MSBuild - 0.22.0;oburatongoi/productivity - 0.3.36;oburatongoi/productivity - 0.0.13;Npm - no_fix;Ncapsulate.Node.Shadow - no_fix;erdiko/user-admin - no_fix;erdiko/user-admin - dev-ER-91;seidemann-web/wave-theme - dev-fixUpLanguageConstants;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-omage-theme;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;kayrules/solatjakim-api-site - dev-version-1.0;mpcmf/mpcmf-web-app - no_fix;mpcmf/mpcmf-web-app - 1.0.0.x-dev;trezebits/trezevel-gallery - no_fix;nodejs - 8.8.1;is-my-json-valid - 2.20.2;Raml.Parser - 1.0.7;zombie.js - no_fix;azure-cli - no_fix;Betclic.BuildTools.Node - no_fix;org.webjars.npm:bower:1.8.12;org.webjars.npm:is-my-json-valid:2.20.5;org.webjars.npm:bourbon-neat:2.1.0;org.webjars:browser-sync:no_fix;org.webjars:npm:4.4.4;org.webjars:npm:4.0.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us